QUANTUM CRYPTOGRAPHY

1.INTRODUCTION

Quantum Cryptography or Quantum Key Distribution (QKD) is the task of generating a private key shared between two parties using a (completely insecure) quantum channel and an authenticated (but not private) classical channel (e.g., a telephone line). The private key can then be used to encrypt messages that are sent over an insecure classical channel (such as a conventional internet connection). Unlike traditional cryptography, where the security is usually based on the fact that an adversary is unable to solve a certain mathematical problem, QKD achieves security through the laws of quantum physics. More precisely, it is based on the fact that an eavesdropper, trying to intercept the quantum communication, will inevitably leave traces which can thus be detected. In this case, the QKD protocol aborts the generation of the key. The security of quantum cryptography relies on the foundations of quantum mechanics, in contrast to traditional public key cryptography which relies on the computational difficulty of certain mathematical functions, and cannot provide any indication of eavesdropping or guarantee of key security. Quantum cryptography is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt and decrypt a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably secure when used with a secret, random key.In this project report, I will give overview of fundamentals of Quantum mechanics used in the Quantum Cryptography and explain the basics of Quantum Cryptography. The most well-known QKD protocols are Bennett-Brassard-84 (BB84).

DEPT OF ECE,G.M.I.T

PAGE 1

QUANTUM CRYPTOGRAPHY

2. BASIC IDEAS IN CRYPTOGRAPHY

Cryptography is, traditionally, the study of ways to convert information from its normal, comprehensible form into an unreadable form. You cannot read without special knowledge - the practice of encryption. Although confidentiality is the traditional application of Cryptography, it is used now days to achieve broader objectives, such as authentication, digital signatures and non-repudiation. Before transmitting sensitive information, the sender combines the plain text with a secret key, using some encryption algorithm, to obtain the cipher text. This scrambled message can then be sent to the recipient who reverses the process to recover the plain text by combining the cipher text with secret key using the decryption algorithm. An eavesdropper cannot deduce the plain message from the scrambled one without knowing the key. ExampleA cryptosystem is a five-tuple (P, C, K, E, D) satisfying the following conditions: 1. P is a finite set of possible plaintexts. 2. C is a finite set of possible ciphertexts. 3. K is a finite set of possible keys. 4. For each k K, there are an encryption rule ek E and a corresponding decryption rule dk D, where ek: P C and dk : C P are functions satisfying dk (ek (x)) = x for each plaintext element x P. In the basic scenario in cryptography, we have two parties who wish to communicate over an insecure channel, such as a phone line or a computer network. Usually, these parties are referred to as Alice and Bob. Since the communication channel is insecure, an eavesdropper, called Eve, may intercept the messages that are sent over this channel. By agreeing on a secret key k via a secure communication method, Alice and Bob can make use of a cryptosystem to keep their information secret, even when sent over the insecure channel. Cryptography, not only protects data from theft, but can also be used for user authentication. In general there are two types of cryptographic schemes Secret Key (Symmetric) Public Key (Asymmetric)

DEPT OF ECE,G.M.I.T

PAGE 2

QUANTUM CRYPTOGRAPHY

2.1 SECRET KEY CRYPTOGRAPHY

Figure 2.1: Secret Key Cryptography

This system uses only private keys. This requires the private key (code) to be installed on specific computers that will be used for exchanging messages between certain users. The system works pretty much like two best friends using a decoder ring to send secret messages to each other. Both friends know which code they are using and thus, only they will have the key to crack and encode secret messages. With this form of Cryptography, it is obvious that the key must be known to both the sender and the receiver that, in fact, is the secret.

Limitations
The biggest difficulty with this approach, of course, is the distribution of the key.

DEPT OF ECE,G.M.I.T

PAGE 3

QUANTUM CRYPTOGRAPHY

2.2 PUBLIC KEY CRYPTOGRAPHY

In asymmetric Cryptography or public key Cryptography, different keys are used for encryption and decryption. When sending a message to some user, the message must be encrypted with the users public key. To decrypt the message, user uses his private key which is only known to use. The example of public key cryptography is the RSA encryption algorithm. Instead of one key, you have two: one to encrypt and a different one to decrypt. Private key. Each person keeps their other key secret, which is then called their "private key". The encryption key can be public. Public key. One of the keys allocated to each person is called the "public key", and is published in an open directory somewhere where anyone can easily look it up, for example by email address. But the encryption key doesn't help you figure out the decryption key which is owned only by an authorized receiver.

Figure 2.2 Public Key Cryptography

Eve cannot decrypt the message even if he has the public key, because only Bob owns the private key.

DEPT OF ECE,G.M.I.T

PAGE 4

QUANTUM CRYPTOGRAPHY

3. LIMITATIONS OF CLASSICAL CRYPTOGRAPHY

The exchange of keys using public key Cryptography suffers from two major flaws. First, it is vulnerable to technological progress. Reversing a one-way function can be done, provided one has sufficient computing power or time available. The resources necessary to crack an algorithm depend on the length of the key, which must thus be selected carefully. One must indeed assess the technological progress over the course of the time span during which the data encrypted will be valuable. In principle, an eavesdropper could indeed record communications and wait until he can afford a computer powerful enough to crack them. The second flaw is the fact that public key Cryptography is vulnerable to progress in mathematics. In spite of tremendous efforts, mathematicians have not been able yet to prove that public key Cryptography is secure. If a quantum computer was developed, nearly all cryptographic systems would easy to attack and become practically worthless.

DEPT OF ECE,G.M.I.T

PAGE 5

QUANTUM CRYPTOGRAPHY

4. NEED FOR QUANTUM CRYPTOGRAPHY

Since Moore's law predicts the doubling of transistor density every 18 months it will become increasingly easy to break cryptographic keys as computational power doubles. For example, the 512 bit RSA public-key cryptosystem developed in 1977, can be broken by university research groups within a few months. Even though keys of 2048 bits are considered by many to be secure for decades, if the huge processing power of futuristic quantum computers can be implemented, then most public key cryptography will become history. Behind the scenes, cryptographic technologies underpin a great deal of the security that we take for granted. Yet with ever more powerful computers, the encryption and decryption methods that underpin secure communications are under threat. IST researchers are identifying new ways of shoring up defences through advanced quantum computing.

DEPT OF ECE,G.M.I.T

PAGE 6

QUANTUM CRYPTOGRAPHY

5.QU-BITS
The most important unit of information in computer science is the bit. There are two possible values that can be stored by a bit: the bit is either equal to 0 or equal to 1. These two different states can be represented in various ways, for example by a simple switch or by a capacitor: if not charged, the capacitor holds the value zero; if charged, it holds the value one. In quantum information theory, the basic unit of information is a qubit, or quantum bit. While a classical bit can exist in only one of the distinct logical states 0 and 1, a qubit can be in a superposition of states. The state of a qubit can be manipulated using quantum logic gates. A quantum register containing n qubits can exist in a superposition of 2n different states at once. There exist many possibilities to physically represent a qubit in practice, as every quantum system with at least two states can serve as a qubit. For example, the spin of an atom or the polarization of a light particle can represent the state of a qubit. With the rectilinear polarization, represented as +, bit 1 is represented by 90 deg photon and 0deg represents bit 0. With diagonal polarization, bit 0 is represented by 45 deg photon, and bit 1 is represented by 135 deg photon. .

Figure 5.1: Representation of qu-bits

DEPT OF ECE,G.M.I.T

PAGE 7

QUANTUM CRYPTOGRAPHY

6. QUANTUM MECHANICS USED IN QUANTUM CRYPTOGRAPHY

The properties of Quantum Physics which the communication secure are6.1. Heisenberg's uncertainty principle. 6.2. Quantum Entanglement. 6.3. No Cloning Theorem.

6.1.HEISENBERG UNCERTAINTY PRINCIPLE

The foundation of quantum Cryptography lies in the Heisenberg uncertainty principle, which states that certain pairs of physical properties are related in such a way that measuring one property prevents the observer from simultaneously knowing the value of the other. The effect arises because in quantum theory, certain pairs of physical properties are complementary in the sense that measuring one property necessarily disturbs the other. This statement is known as the Heisenberg uncertainty principle. In particular, when measuring the polarization of a photon, the choice of what direction to measure affects all subsequent measurements. For instance, if one measures the polarization of a photon by noting that it passes through a vertically oriented filter, the photon emerges as vertically polarized regardless of its initial direction of polarization. So if an eavesdropper on the channel wants to know the information, he has to measure the qu-bit that is nothing but the photon. And if he measures, certain properties will be changed according to the principleMeasuring one property disturbs the other. This change can be detected at the receiver end and thus the eavesdropper is detected.

DEPT OF ECE,G.M.I.T

PAGE 8

QUANTUM CRYPTOGRAPHY

6.2.QUANTUM ENTANGLEMENT

Quantum entanglement means that qubits can be prepared in such a way that their properties remain linked, even if they are far apart. They cannot be characterized as distinct particles, so they are referred to as "entangled". If the state of one entangled particle is changed, the state of the other changes instantaneously. It is a state of two or more quantum particles, e.g. photons, in which many of their physical properties are strongly correlated. The photon may spilt into 2 photons having opposite spin. and if the eavesdropper gets only one of those photons, he can not predict anything. Because, The entangled particles cannot be described by specifying the states of individual particles and they may together share information in a form which cannot be accessed in any experiment performed on either of the particles Alone. This happens no matter how far apart the particles may be at the time.

6.3.NO CLONING THEOREM

The no cloning theorem implies that a possible eavesdropper can not intercept, measure and re emit a photon without introducing a significant and therefore detectable error in the re emitted signal. Thus, it is possible to build a system that allows two parties, the sender and the receiver, to exchange information and detect where the communication channel has been tempered with. If the channel has not been manipulated, they share a secret that can be used as a key for classical Cryptography.

DEPT OF ECE,G.M.I.T

PAGE 9

QUANTUM CRYPTOGRAPHY

7.BB84 PROTOCOL

The first protocol for Quantum Key Distribution (QKD) was proposed in 1984 by Bennett and Brassard of IBM and University of Montreal respectively (the name originates from the authors). BB84 is the protocol most widely used for quantum key distribution, which allows two users to establish an identical and purely random sequence of bits at two different locations while allowing revealing any eavesdropping. This protocol uses two channels for the distribution of the key i.e. quantum channel and classical channel. Quantum Channel: This channel is made to carry quantum bits and is kept private. It can be optical fiber. Classical Channel: This channel is publicly accessible. It could be a radio broadcast or a telephone line. The data exchanged over classical channel is not secure and open to everyone. BB84 Protocol employs two stages Distribution of Quantum Key over the Quantum Channel. Distribution of Key over the Public Channel.

7.1 BB84 Protocol without Eavesdropping Lets consider the following scenario, Alice and Bob are linked together via a noiseless optical fiber. To exchange a secret key in the BB84 protocol, Alice and Bob must do as follows: Step1: Alice creates a random binary sequence 010111 Step2: Alice randomly chooses the basis for each bit. We say that + represents rectilinear basis and X represents diagonal basis. Step3: Alice use a light source to create sequence of photons and a set of polarizers, to polarize in desired direction i.e., randomly in one of the four polarization states. Step4: Alice sends the photon sequence to Bob over a suitable quantum channel, such as an optical fiber.

DEPT OF ECE,G.M.I.T

PAGE 10

QUANTUM CRYPTOGRAPHY

Step5: Bob simultaneously make a guess about basis for each photon and measure it accordingly. He does not know which of his measurements are correct, i.e. measured in the same basis as measured by the Alice. Now Bob produce a new sequence of bits. Step6: Now Alice and Bob communicate over classical channel or public channel to discuss the basis they used for measurement of each photon. This communication carries no information about the values of the measurement. Specifically, Alice chooses a subset of bits and tells Bob which basis she used to encode them to Bob. Bob tells Alice which basis he used to decode the same bits. Where the same basis was used, Alice tells Bob what bits he ought to have got.

Step7: Suppose in this case, Alice choose subset of original bits (2nd, 4th, and 5th bits) and discuss it with Bob. a) For 2nd bit, Bob choose rectilinear basis and it differs from Alices basis (diagonal) and Bob get wrong result. b) For 4th bit, Alice and Bob choose same basis (rectilinear) and Bob get right result. c) Similarly for 5th bit, Alice and Bob choose same basis (diagonal) and get the same result. Step8: Alice and Bob discard the bits for which Bob use the basis different from Alice and keep only those bits for which measurement was same.

DEPT OF ECE,G.M.I.T

PAGE 11

QUANTUM CRYPTOGRAPHY

Step9: Alice and Bob have now made sure that the channel is secure. The test bits are removed. (2nd, 4th, and 5th bits). Alice tells Bob the basis she used for the other bits, and they both have a common set of bits. This final set of bits is the final key. In this case, Alice tells the basis used for 1st, 3rd, and 6th bits and this will become final key. In the above procedure, if bob attempts to measure a rectilinearly polarized photon with a diagonally oriented measurement device (and vice versa), the outcome will be random, either 0 or; in this case, the original bit value represented by the photon is encoded in its rectilinear polarization, and all information about the rectilinear polarization is lost. So, an incorrect choice of measurement basis randomizes the outcome of a measurement, which is only accurate in this case with probability 50%. If n photons are transmitted in total, there is a probability (0.5)n that Bob will measure all of them correctly.

7.2 BB84 Protocol with Eavesdropping Lets consider the following scenario, illustrated in figure: Alice and Bob are linked together via a noiseless optical fiber. Eve, the eavesdropper tries to listen to the quantum channel. Eve is capable of intercepting the photons sent by Alice, perform measurement on them and resend them to Bob. In case of eavesdropping, Eve does not have the knowledge of the basis for incoming photons. Like Bob, Eve guesses the basis for her measurement randomly, as well. In 50% cases Eve guesses properly and resend correctly polarized photons. In other 50% cases, Eve uses wrong measure (no clone theorem) and resend different polarized photons and produces errors. Step1: Alice creates a random binary sequence s = 001101. Step2: Alice randomly chooses the basis for each bit. We say that + represents rectilinear basis and X represents diagonal basis. (Remember: Rectilinear polarization: + (0 or 90); Diagonal polarization: X (45 or 135) Step3: Alice use a light source to create sequence of photons and a set of polarizers, to polarize in desired direction i.e., randomly in one of the four polarization states. Step4: Eve make a random choice of measurement basis.

DEPT OF ECE,G.M.I.T

PAGE 12

QUANTUM CRYPTOGRAPHY

Step5: With the basis chosen by Eve, she produces the sequence of bits 0??101.

Step6: Eve substitutes the photon she has intercepted, by encoding the bits obtained in the previous step with the basis chosen in step 4. This is known as intercept-resend attack. Step7: Bob receives the photon send by Eve on the quantum channel. Now Bob choose a random basis for measurement. Suppose Bob choose measurement basis +XX+X+, obtaining finally a sequence of bits = 0???01.

Step8: Alice and bob communicate over public channel and discuss their measurements. They detects Eves presence with the second bit, for which they uses identical basis but obtained different values; they discard the third, forth and sixth bit, i.e. s = 000 and s` = 0?0. Now Alice and Bob have common set of bits and this final set of bits is the final key.

DEPT OF ECE,G.M.I.T

PAGE 13

QUANTUM CRYPTOGRAPHY

8. IMPLEMENTATIONS

As of March-2007, the longest distance over which quantum key distribution has been demonstrated using optic fiber is 148.7 km, achieved by Los Alamos/NIST using the BB84 protocol. Significantly, this distance is long enough for almost all the spans found in today's fiber networks. The distance record for free space QKD is 144 km between two of the Canary Islands, achieved by a European collaboration using entangled photons (the Ekert scheme) in 2006, and using BB84 enhanced with decoy states in 2007. The experiments suggest transmission to satellites is possible, due to the lower atmospheric density at higher altitudes. For example although the minimum distance from the International Space Station to the ESA Space Debris Telescope is about 400 km, the atmospheric thickness is about an order of magnitude less than in the European experiment, thus yielding less attenuation compared to this experiment. In 2004, the world's first bank transfer using quantum cryptography was carried in Vienna, Austria. An important check, which needed absolute security, was transmitted from the Mayor of the city to an Austrian bank. The world's first computer network protected by quantum cryptography was implemented in October 2008, at a scientific conference in Vienna. The network used 200 km of standard fiber optic cable to interconnect six locations across Vienna and the town of St. Poelten located 69 km to the west. The event was witnessed by Gilles Brassard and Anton Zeilinger. You can purchase your own quantum cryptography system today from a company called MagiQ for a mere $50,000 that could transmit up to 120km distance.

DEPT OF ECE,G.M.I.T

PAGE 14

QUANTUM CRYPTOGRAPHY

9. LIMITATIONS
In reality, many factors besides Eve exist that could alter the polarization of the light waves. Even simple physical occurrences like water vapor in the air could alter the polarizations. For this reason, it is very difficult to transmit the light over long distances. There is no currently known way to develop "quantum routers" or "quantum gateways" analogous to the routers and gateways of the Internet. There is no way that one person's home computer could be directly connected to every Internet server that the person could ever be interested in. It has been suggested that an eavesdropper could use a "quantum memory" device to store the photons she intercepts, without performing measurements until the correct choices of basis are made known. It has also been noted that, in practice, all communication channels are prone to noise and, hence, errors will necessarily occur. Importantly, the proof of unconditional security of BB84 shows that both these scenarios can be dealt with effectively - neither affects the security of the overall procedure. A scheme such as BB84 can ensure that an eavesdropper is always detected, it may not always be possible to establish a secret key at the end of the procedure. Generally, as soon as an eavesdropper is detected, the procedure must be aborted and postponed to a later date. Photon number splitting attack-In the BB84 protocol Alice sends quantum states to Bob using single photons. In practice many implementations use laser pulses attenuated to a very low level to send the quantum states. These laser pulses contain a very small amount of photons, for example 0.2 photons per pulse, which are distributed according to a Poissonian distribution. This means most pulses actually contain no photons, some pulses contain 1 photon and a few pulses contain 2 or more photons. If the pulse contains more than one photon, then Eve can split of the extra photons and transmit the remaining single photon to Bob. This is the basis of the photon number splitting attack, where Eve stores these extra photons in a quantum memory until Bob detects the remaining single photon and Alice reveals the encoding basis. Eve can then measure her photons in the correct basis and obtain information on the key without introducing detectable errors.

DEPT OF ECE,G.M.I.T

PAGE 15

QUANTUM CRYPTOGRAPHY

10.CONCLUSION

If the huge processing power of futuristic quantum computers implemented, then most public key cryptography will become history.

can be

The ultimate goal is to make QKD more reliable, integrate it with today's telecommunications infrastructure, and increase the transmission distance and rate of key generation. Thus the Long-term goals of quantum key distribution are the realistic implementation via fibers, for example, for different buildings of a bank or company ,and free space key exchange via satellites. Quantum cryptography already provides the most advanced technology of quantum information science, and is on the way to achieve quantum jump from university laboratories to the real world. Quantum cryptography promises to revolutionize secure communication by providing security based on the fundamental laws of physics, instead of the current state of mathematical algorithms or computing technology. The devices for implementing such methods exist and the performance of demonstration systems is being continuously improved. Within the next few years, if not months, such systems could start encrypting some of the most valuable secrets of government and industry.

DEPT OF ECE,G.M.I.T

PAGE 16

QUANTUM CRYPTOGRAPHY

11.REFERENCES

Wikipedia, Quantum Cryptography, http://en.wikipedia.org/wiki/Quantum_cryptography

Quantum Information Partners, The Science & Potential of Quantum Cryptography, http://www.qipartners.com/publications/The_Science_&_Potential_of_QC.pdf

Nikolaos K. Papanikolaou, An Introduction to Quantum Cryptography, http://www.acm.org/crossroads/xrds11-3/qcrypto.html

Wikipedia, BB84, http://en.wikipedia.org/wiki/BB84

Ralf Brunner, Christian Cachin, Ueli Maurer, Christian Vonsch, Secret Key Agreement by Public Discussion, http://www.crypto.ethz.ch/research/keydemo/Overview.html

Salvatore Vittorio, Quantum Cryptography: Privacy Through Uncertainty, http://www.csa.com/discoveryguides/crypt/overview.php

Matthias Scholz, Quantum Key Distribution via BB84-An Advanced Lab Experiment, http://nano.physik.hu-berlin.de/teaching/Praktikum/crypto.pdf

Mart Haitjema, A Survey of the Prominent Quantum Key Distribution Protocols, http://www.cs.wustl.edu/~jain/cse571-07/ftp/quantum/index.html#b92

Cryptography Timeline Carl Ellison http://world.std.com/~cme/html/timeline.html

DEPT OF ECE,G.M.I.T

PAGE 17